For the interim, the solution might be to have an extension that
besides pushing PFS (and alerting when it doesn't work) would cache
the cert hashes or more and allow a browser (e.g. Firefox) to run with
all CAs as untrusted, but then do a verification on a per-site basis.

The big hole in web page security is that there is the web page, then
there is the extra info like JavaScript and CSS.

So, for example, https://amazon.com might be accepted, but
https://images-na.cdn.azws.com is in the background ready to rewrite
the entire page.

And the page will be broken until you manually "view source" and open
a link and allow the cert/CA/page for the
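As an added illustration of the two points above (a per-site trust-on-first-use cache of certificate hashes that does not depend on the CA list, and the separate third-party hosts that scripts and stylesheets pull in), here is a small Python sketch. It is not code from the original message or from any browser extension; the hostnames, the fake DER bytes and the HTML snippet are constructed sample data, and a real extension would obtain the DER certificate from the TLS connection rather than from a byte string.

```python
import hashlib
import re
from typing import Dict, List
from urllib.parse import urlparse

# Pin store: hostname -> SHA-256 hex digest of the site's DER certificate.
# In an extension this would be persisted; here it is an in-memory dict.
PinStore = Dict[str, str]


def cert_fingerprint(der: bytes) -> str:
    """Hash of the raw certificate bytes; the value cached per site."""
    return hashlib.sha256(der).hexdigest()


def check_site(store: PinStore, host: str, der: bytes) -> str:
    """Per-site verification independent of the CA list.

    First sight of a host records its fingerprint ("pinned"); later
    connections must present the same certificate ("ok"), otherwise the
    extension should alert ("mismatch") instead of silently rendering.
    """
    fingerprint = cert_fingerprint(der)
    known = store.get(host)
    if known is None:
        store[host] = fingerprint
        return "pinned"
    return "ok" if known == fingerprint else "mismatch"


def subresource_hosts(page_url: str, html: str) -> List[str]:
    """Third-party hosts referenced by src/href attributes in the page.

    These are the background origins (CDN scripts, stylesheets, images)
    that a page loads besides the document itself.  Relative URLs have
    no hostname and are skipped; protocol-relative URLs are included.
    """
    page_host = urlparse(page_url).hostname
    hosts = set()
    for url in re.findall(r'(?:src|href)\s*=\s*["\']([^"\']+)["\']', html, re.I):
        host = urlparse(url).hostname
        if host and host != page_host:
            hosts.add(host)
    return sorted(hosts)


def unverified_hosts(store: PinStore, page_url: str, html: str) -> List[str]:
    """Subresource hosts with no cached certificate hash yet.

    These are exactly the hosts a user would otherwise discover only by
    viewing the source and opening each link by hand.
    """
    return [h for h in subresource_hosts(page_url, html) if h not in store]


# Constructed sample page: one same-origin script, three third-party hosts.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://static.example-cdn.test/site.css">
<script src="//images-na.example-cdn.test/app.js"></script>
<script src="/local.js"></script>
</head><body><img src="https://img.example-cdn.test/logo.png"></body></html>"""


if __name__ == "__main__":
    store: PinStore = {}
    # Constructed stand-ins for DER certificate bytes.
    print(check_site(store, "shop.example.test", b"cert-A"))   # pinned
    print(check_site(store, "shop.example.test", b"cert-A"))   # ok
    print(check_site(store, "shop.example.test", b"cert-B"))   # mismatch
    print(unverified_hosts(store, "https://shop.example.test/", SAMPLE_HTML))
```

The point of listing the unverified subresource hosts up front is that the page can be blocked (or its third-party scripts withheld) with a single prompt naming every host that still needs a per-site decision, rather than failing piecemeal.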